If you're wondering which specific regulations apply to your industry, we recommend coordinating with your legal or security departments. That being said, below is a list of regulations that call for, or refer to, the need for a log management solution:
Program/regulation | Purpose | Scope | Framework | Associated |
---|---|---|---|---|
PCI | Credit card security program | Any business that handles or processes Cardholder data systems | PCI-DSS | States Breach and Privacy legislation |
HIPAA – Health Insurance Portability and Accountability Act & HITECH – Health Information Technology for Economic and Clinical Health Act | Healthcare data protection and associated health information technology | Any business that stores or processes personal health information or runs electronic health information systems | Privacy and Safeguards Rules | HITRUST, States Breach and Privacy legislation |
FISMA – Federal Information Security Management Act | Federal Systems protection | Any federal entity that processes government information | NIST SP 800-53 | CNSSI 1253 – National Security rules |
FedRAMP – Federal Risk and Authorization Management Program | Federal Systems protection on Cloud environments | FedRAMP is for implementation of federal systems in a public cloud | FedRAMP Security Assessment Framework | NIST 800-53 & Cloud Security Alliance – CSAIQ |
GDPR – General Data Protection Regulation | Protect privacy data of individuals | Any business that has EU citizen personal data | GDPR Articles 1–99 | ISO 27018, ISO 27001 |
GLBA – Gramm-Leach-Bliley Act | Protections of systems processing customer data | Financial institutions that process customer data | Safeguards Rule | FCRA, GDPR, States Financial, Breach and Privacy legislation |
NERC-CIP Critical Infrastructure Protection | Protection of Electrical Systems Infrastructure | Utilities, generators, and transmission | Energy Sector Cybersecurity Framework (C2M2) | NIST 800-53, ISO 27001 |
SOX – Sarbanes-Oxley Act | Protection of accounting data and systems | Any publicly traded entity | PCAOB CoBIT, SOC-2 |